Generally described, computing devices and communication networks can be utilized to exchange information. In a common application, a computing device can request content from another computing device via the communication network. For example, a user at a personal computing device can utilize a software browser application to request content, such as a Web page, from a server computing device via the Internet. In such embodiments, the user computing device can be referred to as a client computing device and the server computing device can be referred to as a content provider.
Content providers are generally motivated to provide requested content to client computing devices often with consideration of efficient transmission of the requested content to the client computing device and/or consideration of a cost associated with the transmission of the content. For larger scale implementations, a content provider may receive content requests from a high volume of client computing devices. Such higher volume requests can place a strain on the content provider's computing resources utilized to provide the requested content. Additionally, the content requested by the client computing devices may have a number of components, which can further place additional strain on the content provider's computing resources.
With reference to an illustrative example, a requested Web page, or original content, may be associated with a number of additional resources, such as images or videos, which are to be displayed with the Web page. In one specific embodiment, the additional resources of the Web page are identified by a number of embedded resource identifiers, such as uniform resource locators (“URLs”). In turn, software on the client computing devices typically processes embedded resource identifiers to generate requests for the content. Often, the resource identifiers associated with the embedded resources reference a computing device associated with the content provider such that the client computing device would transmit the request for the additional resources to the referenced content provider computing device. Accordingly, in order to satisfy a content request, the content provider(s) (or any service provider on behalf of the content provider(s)) would provide client computing devices data associated with the Web page and/or the data associated with the embedded resources.
Some content providers attempt to facilitate the delivery of requested content, such as Web pages and/or resources identified in Web pages, through the utilization of a network storage provider or a content delivery network (“CDN”) service provider. A network storage provider and a CDN server provider each typically maintain a number of computing devices in a communication network that can maintain content from various content providers. In turn, content providers can instruct, or otherwise suggest to, client computing devices to request some, or all, of the content provider's content from the network storage provider's or CDN service provider's computing devices.
As with content providers, network storage providers and CDN service providers are also generally motivated to provide requested content to client computing devices often with consideration of efficient transmission of the requested content to the client computing device and/or consideration of a cost associated with the transmission of the content. Accordingly, the service providers often consider factors such as latency of delivery of requested content in order to meet service level agreements or to generally improve the quality of delivery service.
With reference to the previous illustrative example, in some implementations, the content provider may desire to designate at least some of the additional resource embedded in the requested Web page as restricted content or to otherwise keep some portion of the content secure. In one approach, the content provider can utilize functionality included in the communication protocols, such as the Referer header associated with hypertext transfer protocol (“HTTP”), to restrict which clients can request content from a CDN service provider. However, such approaches are typically considered as a weak form of authentication and are prone to be spoofed. In another approach, the content provider can specify for the utilization of shared secret keys between the content provider and the CDN service provider or otherwise require the CDN service provider to authenticate all client requests for content with the content provider. However, such approaches typically require additional infrastructure and resources from the content provider and CDN service provider regarding authorization or verification protocols for each secure content request by a client.